The NIS2 Directive: what organizations need to know right now

Discover Your NIS2 Compliance with the Self-Assessment Tool!

Are you wondering if the NIS2 directive applies to your organization? Is your organization classified as essential or important? Are you under Dutch supervision?

Participate in the self-assessment tool from Rijksoverheid to gain valuable insights into your situation.

With this information, you can find out how Trend Micro™ can assist you in identifying cybersecurity gaps and support you on your journey toward NIS2 compliance.

Let us guide you toward a more secure future!

NIS2 Directive: Are You Compliant and Secure?

The NIS2 Directive strengthens EU cybersecurity by expanding its scope to critical sectors. It imposes stricter security measures, mandates timely incident reporting, and establishes tiered obligations for industries, resulting in increased government oversight and penalties for non-compliance. The NIS2 Directive ensures that non-EU entities with IT operations in the EU are also held to the same compliance standards. Additionally, executive management is personally liable for breaches, highlighting the need for robust security practices and enhanced cooperation among member states to secure supply chains.

Key Insights and Strategic Preparation

Navigate the NIS2 Directive effortlessly with Trend Micro’s advanced security solutions. We help you meet compliance requirements, protect critical data, and enhance your incident response. Secure your digital assets and tackle NIS2 challenges confidently.

Enhancements of the NIS2 Legislation

The NIS2 legislation builds on the previous NIS Directive and introduces several key improvements and expansions:

  • Broader Scope: NIS2 now includes a wider variety of sectors and organizations, such as digital service providers, whereas the original NIS Directive primarily focused on critical infrastructures.
  • Stricter Requirements: NIS2 imposes higher demands for cybersecurity measures, including more detailed guidelines for risk management and security practices.
  • Increased Accountability: The responsibility for compliance now rests more heavily on senior management, meaning that executives can be held personally liable for shortcomings in cybersecurity.
  • Enhanced Incident Reporting: NIS2 requires faster and more detailed reporting of cyber incidents, enabling authorities to respond more swiftly to threats.
  • Sanctions and Enforcement: The penalties for non-compliance have been tightened, increasing the pressure on organizations to meet the new requirements.
  • Regulatory Authority: Regulators may suspend business operations if it is essential for maintaining network security.

In summary, NIS2 strengthens and improves upon the foundation laid by the original NIS Directive, aiming for a more robust and uniform approach to cybersecurity in the EU.

Essential, critical or important industries

The NIS2 Directive identifies these industries

Essential or Critical Infrastructure Industries
≥ 250 employees, or annual revenue of ≥ €50 million, or a balance sheet total of ≥ €43 million

 

  • Energy (electricity, oil, water, hydrogen)
  • Health (hospitals, laboratories, research and development, pharmaceuticals, medical device manufacturers)
  • Transport (air, rail, water, road)
  • Banking and finance
  • Drinking water
  • Waste water
  • Digital infrastructure (IXPs, cloud providers, data centers, CDNs, TSPs, electronic communication providers)
  • ICT service management in B2B
  • Space
  • Public administration (central government, regional governments)

 

Fines for non-compliance
Up to €10 Million or at least 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher

Important Industries
≥50 FTE or ≥€10M annual turnover or balance sheet of ≥€10M (or 2% of worldwide sales)

 

  • Postal and courier service
  • Waste management
  • Chemical products
  • Food
  • Processing / manufacturing industries
  • Digital services (online marketplaces, search engines, social networks)
  • Research

 

Fines for non-compliance

Up to €7 Million or at least 1.4% of the total annual worldwide turnover of the preceding financial year, whichever is higher

Is Your Organization Impacted by NIS2?

 

Participate in our self-assessment tool to determine if you are impacted by NIS2.

Ensure Cybersecurity Compliance with Trend Micro™

 

Discover how Trend Micro™ can assist you in addressing cybersecurity gaps and supporting your path to compliance.

Not in an affected industry? NIS2 Still Affects You!

Companies that may not be active in the specified industries are also strongly advised to comply with the NIS2 Directive, which requires adherence to cybersecurity standards. To remain competitive, they should be prepared for cybersecurity discussions during contract negotiations. Effective risk management is vital; assessing and mitigating cyber risks within their organization and with partners is essential.

Compliance strengthens reputation and fosters strong business relationships, while a proactive approach to cybersecurity enhances credibility and meets regulatory expectations, positioning them favorably with clients.

Got Questions? Let's Talk NIS2 and Cybersecurity!

Whether you need strategic insights or technical support, our team is ready to assist you. Reach out today to ensure your compliance and strengthen your cybersecurity posture!

Bart Herps
Solution Engineer